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IN THE CLAIMS : 

A listing of the status of all claims 1-26 in the present patent application is provided 

below: 

1. (Currently amended) A method for use in compliance management, comprising: 
presenting, via a computer network, ar lea s t on e a user with a series of questions 

relating to at least one business category; 

soliciting, via the computer network, a response from the m lorn* one u ser for each 

question presented; 

determining a detection index based on the number of responses,, anfl 

corresponding answer*, to each of the series of questions; 



compliance; 



determining an occurrence index based on the potential consequence of non- 



determining a standard severity risk index based. on the expected severity of non- 



compliance; and 

prioritizing, via the computer network, the at least one business category based on 
the atioast one user's responses and at least one total risk score comprising the product of the 
detection, occurrence and standard severity risk indices. 



-No. 



2. (Original) The meihod of claim 1 wherein the user response comprises a "Yes" or 



3. (Previously Presented) The method of claim i wherein the at least one standard 



severity risk index comprises a number between I and 10 corresponding to a specific level of 
risk. 
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4. (Original) The method of claim 3 wherein the number 4 T' comprises the lowest 
level of risk severity, and the number *U0" the highest level of severity. 

5. (Original) The method of claim 1 wherein the at least one standard severity risk 
index corresponds to the at least one business category. 

6. (Currently Amended) The method of claim 1 further comprising the step of 
determining a detection index based on the number of questions presented in the series of 
questions, the at least ono u ser's responses, and the number of users. 

7. (Canceled) 

8. (Canceled) 

9. (Previously Presented) The method of claim 1 further comprising ranking the at o 
least one business category based on the at least one total risk score. 

1 0. (Previously Presented) A system for use in compliance management, 
comprising: 

a query module associated with an engine tor presenting at least one user with a series of 
questions relating to at least one business category, and for soliciting and receiving responses 
from the at least one user for each question presented; 

a prioritization module associated with the engine for: (I) determining a detection index 
based on the number of responses to each of the series of questions, determining an occurrence 
index based on the potential consequence of non-compliance, and determining a standard 
severity risk index based on the expected severity of non-compliance, and (2) prioritizing the at 
least one business category based on the at least one user's responses and at least one total risk 
score comprising the product of a detection, occurrence and standard severity risk indices. 
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1 1 . (Original) The sysjem of claim 10 wherein the series of questions are presented to 
the user over a communications network. 

12. (Original) The system of claim 10 further comprising an administration module 
associated wiih the engine for inputting, updating and accessing data associated wiih the query 
and prioritization modules, the administration module being accessible to an administrator of the 
system via an administration interface. 

13. (Original) The system of claim 10 wherein the user response comprises a "Yes" 
or "No" response. 

14. (Original) The system of claim 10 wherein the at least one standard severity risk 
index comprises a number between 1 and 10 corresponding to a specific level of risk. 

1 5. (Original) The system of claim 14 wherein the number "1" comprises the lowest 
level of severity, and the number "JO" the highest level of severity. 

16. (Original) The system of claim 10 wherein the at least one standard severity risk 
index corresponds to the at least one business category. 

17. (Previously Presented) The system of claim 10 wherein rhe detection index is 
based on the number of questions presented in the series of questions, the at least one user's 
responses, and the number of users. 

18. (Canceled) 

19. (Canceled) 
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20. (Previously Presented) The system of claim 10 wherein prioritization module 
further ranks the at least one business category based on the at least one total risk score, 

21. (Previously Presented) The method of claim 1 wherein the detection is 
determined by the following formula: 

H 

£/{#of answers,) 

Detection index == B 

W)(n) 

wherein i refers to each possible response. 

# of answers, refers to the number of queries or questions thai were answered with a 
particular response f t 

n refers to the iota! number of queries or questions in that category, and 
d refers to the number of departments or units responding. 

22. (Previously Presented) The method of claim 1, wherein the occurrence index 
weighs the total risk score based on the potential consequences of non-compliance, 

23. (Currently Amended) The method of claim 1 , wherein the potential consequence 
of nnn-coTnplianceiiL3L!urr e nc e ind s * is based on the total number of agents or employees affected 
by non-compliance. 

24. (Currently Amended) The method of claim 351, wherein the potential 
consequen c e of non-compliance uoouiTOnoo indox ~is based on the total number of policies in 
force. 

25. (Previously Presented) A method for use in compliance management, 
comprising: 

presenting, via a computer network, at least one user with a series of questions 
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relating to at least one business category; 

soliciting, via the computer network, u response from the at least one user for each 
question presented; 

determining a detection index based on the number of responses to each of the 
series of questions; 

assessing a potential consequence of non-compliance, the potential consequence 
of non-compliance relating to parameters and the values of such parameters; 

determining an occurrence index based on the potential consequence of non~ 
compliance that was assessed, such that the occurrence index changes as the parameters 
associated with the potential consequence of non-compliance change, the occurrence index that 
is determined being one of at least three possible occurrence indices, the at least three possible 
occurrence indices being provided as possible occurrence indices; 

determining a standard severity risk index based on the expected severity of non- 
compliance; and 

prioritizing, via the computer network, the at least one business category based on 
the at least one user's responses and at least one total risk score, the at least one total risk score 
being based on the detection index, the occurrence index, and standard severity risk index. 

26. (Previously Presented) The method of claim I wherein the detection index is 
determined by a relationship between the number of queries or questions that were answered 
with a particular response, the total number of queries or questions in the category, and the 
number of departments or units responding. 
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